Re: Virus/Cryptolocker called "WannaCry"

but even an unpatched ISIS is quite safe as long you dont open mail & browsing the web on it?

or does this virus infect by the network?

wannacry can propogate via an SMBv1 exploit, over the network. You should update windows to modern patch levels, though you may need to upgrade system director software prior to doing so if you care about staying in a tested environment.

FWIW, I patched an entire interplay environment to may 2017 security update rollups on monday and have had zero issues. We have not disabled smbv1...yet.

Re: Virus/Cryptolocker called "WannaCry"

I thinking that, to be 100% safe, you should backup your raw footage on a computer that is not connected to Internet. Put it on a storage(directly connected by ethernet) and then let that storage replicate to an other storage that can be reached by Avid clients. Is this making things too difficult, or is it the way to go?

Re: Virus/Cryptolocker called "WannaCry"

Trying to make backed up data available to clients isn't a priority I'd say and it still levaes you data vunerable.

Scheduled syncs of data to storage that isn't accessible normally is best. But even then the fact that the storage is connected makes it vunerable. Ideally you want the storage rotated and ideally offsite.

LTO tapes are a good solution but not easy to scale for very large workspaces.

The key to have a solid solution that gets the data safe.

If you have a malware or virus attack getting it back online quick will be the least of you worries. Geeting all the systems restored and secure is the bigger hill to climb.

I used to ensure I had at least one system in reserve not internet connected I could physically move backed up media to in case I needed to get a job up and running in an emergency.

ACI Moderator. I'm not employed by Avid or work for them. I just do this in my spare time. Symphony V8.6 / 8.3.1 HP Z400 system
[view my complete system specs]

Re: Virus/Cryptolocker called "WannaCry"

Buy a LTO drive connect it to a PC, install LTFS and the NEXIS Client. You now have tape based Media, sized 2.2TB or 6TB depending on LTO6 or LTO7 drive.

Create workspaces that corresponds to the max size of your LTO, set them to READ only as soon as they are full or when they reach a certain age (as you see fit).

Back them up to tape (robocopy E: D: /e /r:0 )* . Viola, you now have a complete backup of your Workspace on Tape, you wont need to run more backups during the projects life on this workspace. Thanks to the READ only nothing will be added to it.

*The mounted workspace has drive letter E and the LTFS drive D

But what about the Project??

You can copy those to another server, or even better, throw in a LTO tape and mount the project drive and copy that to a TAPE.

But the Project drive also contains media files..?

Robocopy got you covered..

robocopy E:\ D:\Project_Backup *.avp *.avb *.avs /e /r:0

Copies only project files (ohh and it also keeps the folder structure.)

LTO tapes are cheap, and with the right workflow you spend a few minutes getting the tape going, and just leaves it running until it is done. Typically you get 80-100MB pr second. With LTO7 and a 10GBit NIC you might get more.And LTO tapes are pretty much the only place where your data is 100% immune to any kind of CyberAttack.